|
@@ -15,9 +15,10 @@ encfs_password: "{{ lookup('password', secret + '/' + 'encfs_password', length=3
|
15
|
15
|
letsencrypt_server: "https://acme-v01.api.letsencrypt.org/directory"
|
16
|
16
|
|
17
|
17
|
# ssh
|
18
|
|
-kex_algorithms: "diffie-hellman-group-exchange-sha256"
|
19
|
|
-ciphers: "aes256-ctr,aes192-ctr,aes128-ctr"
|
20
|
|
-macs: "hmac-sha2-512,hmac-sha2-256,hmac-ripemd160"
|
|
18
|
+# Following https://infosec.mozilla.org/guidelines/openssh
|
|
19
|
+kex_algorithms: "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256"
|
|
20
|
+ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
|
|
21
|
+macs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com"
|
21
|
22
|
|
22
|
23
|
# ntp
|
23
|
24
|
ntp_servers:
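Review bot: `ciphers` now lists `chacha20-poly1305@openssh.com` first, and that is the mode most exposed to the Terrapin prefix-truncation weakness on any sshd that lacks strict key exchange (added in OpenSSH 9.6). Nothing in this hunk shows which sshd versions consume these variables, so either confirm the managed hosts are patched or drop that entry for the older ones. Separately, `diffie-hellman-group-exchange-sha256` stays in `kex_algorithms`, and the guideline cited in the new comment pairs it with pruning short entries from `/etc/ssh/moduli`; that step is not visible here. The values appear to match the guideline's Modern profile, so the comment would age better if it said so and carried a date, e.g. `# Mozilla OpenSSH guideline, "Modern" profile, reviewed <DATE>`.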
|